<?php
include ('include/conf.php');
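// Login endpoint: checks the posted credentials (nume / pass) against the clienti
// table and, on exactly one match, stores a fresh session token and returns it to
// the interface as an XML row.
//
// NOTE(review): ext/mysql is deprecated since PHP 5.5 and removed in PHP 7. Moving
// to mysqli/PDO prepared statements also requires changing connect_to_database()
// in include/conf.php, which is not visible here, so the mysql_* calls are kept.
// NOTE(review): the query compares the posted password with the parola column
// directly, so passwords appear to be stored unhashed. Migrating to
// password_hash()/password_verify() needs a data migration -- TODO confirm and plan.
$id_connect = connect_to_database(HOST, USER, PASS, DATABASE);

// Both parameters are mandatory.
if (!isset($_POST['nume'], $_POST['pass']))
{
    write_log("not send all parameters by client!!!");
    send_error2();
    exit;
}

// begin input validation
$nume = $_POST['nume'];
$parola = $_POST['pass'];
// Allow-list: letters, digits, '_', '@' and '-'. The original patterns closed the
// character class before "_-@", so they only matched a disallowed character followed
// by that literal sequence and in practice rejected nothing.
// NOTE(review): accounts created while the check was ineffective may hold values
// outside this set -- verify against the registration code before deploying.
$disallowed = '/[^A-Za-z0-9_@-]/';
// PHP turns "nume[]=x" into an array; refuse anything that is not a plain string
// before it reaches strlen()/preg_match().
if (!is_string($nume) || !is_string($parola)
    || strlen($nume) > 30 || strlen($parola) > 30
    || preg_match($disallowed, $nume) || preg_match($disallowed, $parola))
{
    // The rejected values are deliberately not logged: they are unvalidated and
    // one of them is the password.
    send_error2(6);
    // Explicit exit: a rejected request must never reach the query, even if
    // send_error2() returns instead of ending the request.
    exit;
}

// begin data processing
// Passing the link makes the escaping follow this connection's character set.
$user = mysql_real_escape_string($nume, $id_connect);
$pass = mysql_real_escape_string($parola, $id_connect);

// check whether the credentials exist in the database; only the column that is
// actually used is fetched, so the stored password is not read back
$str = "SELECT tip_cont FROM clienti WHERE nume='$user' AND parola='$pass'";
$result = mysql_query($str, $id_connect);
if (!$result)
{
    send_error2(1);
    exit;
}

// Count rows only after the query is known to have succeeded.
$num = mysql_num_rows($result);
if ($num !== 1)
{
    // The password is never written to the log; the row count tells "no match"
    // apart from "duplicate accounts".
    write_log("user authentication failed, identified by user:$user (matching rows: $num)");
    send_error2();
    // Kept from the original script: this fallback is only reached if send_error2()
    // returns instead of ending the request -- TODO confirm and drop if it is dead.
    print "<?xml version='1.0' encoding='ISO-8859-1' ?>";
    print "<rows>";
    print "<row flag='0' />";
    print "</rows>";
    exit;
}

$value = mysql_fetch_assoc($result);
// NOTE(review): random_str() is defined elsewhere; the session token is only as
// unpredictable as that helper -- confirm it draws from a CSPRNG.
$sesiune = random_str(32);

// store the new session token in the database
$sesiune_sql = mysql_real_escape_string($sesiune, $id_connect);
$str = "UPDATE clienti SET sesiune='$sesiune_sql' WHERE nume='$user'";
$result = mysql_query($str, $id_connect);
if (!$result)
{
    send_error2(3);
    // Do not hand out a token that was not stored.
    exit;
}

// send data back to the interface
// Values are escaped for a single-quoted XML attribute. ISO-8859-1 matches the
// declaration used by the fallback response above and never makes
// htmlspecialchars() return an empty string on unexpected bytes.
$xml_session = htmlspecialchars($sesiune, ENT_QUOTES, 'ISO-8859-1');
$xml_cont = htmlspecialchars($value['tip_cont'], ENT_QUOTES, 'ISO-8859-1');
$xml_nume = htmlspecialchars($user, ENT_QUOTES, 'ISO-8859-1');
$continut = "<row session='$xml_session' cont='$xml_cont' nume='$xml_nume' />";
build_xml_packet2($continut);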
?>
